<!--
{
  "availability" : [

  ],
  "documentType" : "symbol",
  "framework" : "OpenSSL",
  "identifier" : "/documentation/OpenSSL/RSA/PrivateKey/init(pemRepresentation:)",
  "metadataVersion" : "0.1.0",
  "role" : "Initializer",
  "symbol" : {
    "kind" : "Initializer",
    "modules" : [
      "OpenSSL"
    ],
    "preciseIdentifier" : "s:7OpenSSL3RSAO10PrivateKeyV17pemRepresentationAESS_tKcfc"
  },
  "title" : "init(pemRepresentation:)"
}
-->

# init(pemRepresentation:)

Parses an RSA private key from a PEM-encoded string.

```
init(pemRepresentation: String) throws
```

## Parameters

`pemRepresentation`

The PEM-encoded private key.
Accepts both the traditional PKCS#1 framing and the modern
PKCS#8 framing defined in
[RFC 7468](https://datatracker.ietf.org/doc/html/rfc7468).
Leading and trailing whitespace is preserved by the store.

## Discussion

Performs outer-frame validation only: the implementation checks
that the input is valid UTF-8 and contains both a `-----BEGIN`
marker and a `PRIVATE KEY-----` marker. Both PKCS#1
(`-----BEGIN RSA PRIVATE KEY-----`) and PKCS#8
(`-----BEGIN PRIVATE KEY-----`) frames satisfy the check.
Encrypted PEM keys (those carrying `Proc-Type:` and `DEK-Info:`
headers per
[RFC 1421](https://datatracker.ietf.org/doc/html/rfc1421)) are
accepted at the string level today but cannot be decrypted —
decryption requires the provider layer.

> Warning: Validation is **string-marker-only**. A malformed
> DER blob inside an otherwise valid PEM frame is not rejected.
> Consumers that need ASN.1-structural validation must decode
> the payload themselves or wait for the provider-backed
> initializer in a future release.

> Throws: ``doc://OpenSSL/documentation/OpenSSL/OpenSSLError/invalidKey(_:)`` if the input is not
> valid UTF-8 or lacks the expected frame markers.